From owner-freebsd-stable Fri Jan 31 14:16:14 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5ACFA37B401 for ; Fri, 31 Jan 2003 14:16:13 -0800 (PST) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0EDC43F3F for ; Fri, 31 Jan 2003 14:16:12 -0800 (PST) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org (12-234-89-252.client.attbi.com[12.234.89.252]) by rwcrmhc52.attbi.com (rwcrmhc52) with ESMTP id <2003013122161205200duku1e>; Fri, 31 Jan 2003 22:16:12 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.6/8.12.3) with ESMTP id h0VMG7eq031399; Fri, 31 Jan 2003 14:16:07 -0800 (PST) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.6/8.12.6/Submit) id h0VMG7oO031398; Fri, 31 Jan 2003 14:16:07 -0800 (PST) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Fri, 31 Jan 2003 14:16:06 -0800 From: "Crist J. Clark" To: Claus Guttesen Cc: stable@freebsd.org Subject: Re: IPF & IPFW Message-ID: <20030131221606.GC30498@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <03Jan31.190830nzdt.119046@homer.fire.org.nz> <20030131111050.93999.qmail@web14101.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030131111050.93999.qmail@web14101.mail.yahoo.com> User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jan 31, 2003 at 12:10:50PM +0100, Claus Guttesen wrote: > Hi. > > > I am writing an app to do pre-pay internet and are > > using a combination > > of ipf and ipfw. I stupidly assumed that ipfw ran > > before ipf, of course > > its the other way around. This has put a hurdle in > > You may wish to read > http://home.earthlink.net/~jaymzh666/ipf/IPFfreebsd.html#14. > This explains in what order ipf and ipfw is loaded. > > If you want to let ipfw to process the ip-packet > first, you can remove ipfilter from the kernel and > load it as a module instead. This should solve your > problem. Nuh-uh. The hooks for ipf(8) and ipfw(8) always are in the same place in ip_input.c and ip_output.c. The order of loading modules has no impact. To the original poster, there is nothing you can do short of hacking ip_input.c and ip_output.c to fit your designs. But you are perfectly free to do it if you'd like. (Ain't open source and BSD licenses great?) -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message